RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 22-05-06 04:01

I beg to differ with you, Grindordie. IF you use a double md5, you're simply adding another process that the hacker has to go through, only realyl slowing down the bruteforcer, not adding extra security.

On ther other hand, Black Cat's solution involves Sha1. I'd recommend Sha1 with a 256-bit key. That way they'd have to guess the key first.

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 22-05-06 04:12

Okay, time for me to get a word in again. . .

First:

b1tw1s3 wrote:
Sure it may end up being an odd password like "%4Hs*kZ", but it'd still generate the same hash and therefore solve our purposes.

That wouldn't work, because the plaintext would be put through the same algorithm as the website, not simply a single md5 so the results would be different.

Second:
Adding a double hash or anything else for that matter DOES increase the security. Adding something extra that cannot be cracked with nothing more than downloading a program will eliminate about 90% of the people out there because they're either to lazy to program something to crack it themselves or they don't know how to in the first place. Also, it may not seem like much of a difference, but the more times a string is hashed, the longer it takes to encrypt that string. . it may be milliseconds, but when you're talking about two billion tries to reach the desired password, it adds up fast.

And like I said before, I would still recommend creating your own algorithm instead of relying on one that has had years for people to find methods on how to break and bypass it.

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 29-05-06 15:51

no dont use a new one you made up. you shouldnt relay on obsurity for security. use a tested scheme.

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 29-05-06 15:52

no dont use a new one you made up. you shouldnt relay on obsurity for security. use a tested scheme.

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 29-05-06 16:05

i am with jake on this one. if you have an old method of anything especially encryption that's been around for a bit and how to decrypt it is publicly known then its way easier to decrypt it than a new one thats unknown. lol. for example most people cant do much of the encryption challenges on HBH. but i bet you $100 that if i told someone how to decrypt it then duh they could and would lol. So back to realisticly, people know how to decrypt MD5's quite easily. So that isn't much of a problem. But if someone like Jake makes their own encryption that is very good and nobody knows how to decrypt it then um...lol i think i would roll with Jake for my encryptions lol. Thats my 2 cents

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 29-05-06 16:14

ok fair enough for people with limited rescourse. but for any seriouse work you want kept secret over a long time use a tried and tested method?

http://en.wikipedia.org/wiki/Security_through_obscurity

Author

RE: idea about encrypting passwords..

Member

Posts:Location:Joined: 01.01.70 Rank: Guest

Posted on 29-05-06 17:28

Bouncer - are you talking about decrypting it other than brute force or a dictionary file?